Secure delegation using public key authentication

US 7,694,329 B2
Filed: 08/05/2008
Issued: 04/06/2010
Est. Priority Date: 08/03/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product for impersonating a client to a plurality of servers, comprising:

a computer usable storage medium having computer readable program code embodied therein, the computer readable program code comprising;

computer readable program code that obtains by a middle tier server, a common nonce that is created based at least in part upon a pre-nonce contribution from each of a plurality of back-end servers, wherein the common nonce is generated from an entity other than the client that the middle tier server is to impersonate or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;

computer readable program code that receives by the middle tier server, a request from the client for a transaction with at least one of the plurality of back-end servers;

computer readable program code that provides the common nonce from the middle tier server to the client;

computer readable program code that receives the common nonce signed by the client with the client'"'"'s digital signature at the middle-tier server; and

computer readable program code that impersonates the client by the middle tier server interacting with a selected one of the plurality of back-end servers for implementation of the client request on behalf of the client by providing the signed common nonce and the client request from the middle tier server to at least one of the plurality of back-end servers so as to authenticate the client to the plurality of servers for implementation of the client request on behalf of the client.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client is impersonalized to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers.

28 Citations

View as Search Results

20 Claims

1. A computer program product for impersonating a client to a plurality of servers, comprising:
- a computer usable storage medium having computer readable program code embodied therein, the computer readable program code comprising;
  
  computer readable program code that obtains by a middle tier server, a common nonce that is created based at least in part upon a pre-nonce contribution from each of a plurality of back-end servers, wherein the common nonce is generated from an entity other than the client that the middle tier server is to impersonate or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
  
  computer readable program code that receives by the middle tier server, a request from the client for a transaction with at least one of the plurality of back-end servers;
  
  computer readable program code that provides the common nonce from the middle tier server to the client;
  
  computer readable program code that receives the common nonce signed by the client with the client'"'"'s digital signature at the middle-tier server; and
  
  computer readable program code that impersonates the client by the middle tier server interacting with a selected one of the plurality of back-end servers for implementation of the client request on behalf of the client by providing the signed common nonce and the client request from the middle tier server to at least one of the plurality of back-end servers so as to authenticate the client to the plurality of servers for implementation of the client request on behalf of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer program product according to claim 1, wherein the computer readable program code that obtains by a middle tier server, a common nonce, comprises:
    - computer readable program code that obtains the pre-nonce contributions from the plurality of servers;
      
      computer readable program code that combines the pre-nonce contributions to provide a single pre-nonce token; and
      
      computer readable program code that provides the common nonce based on the pre-nonce token.
  - 3. The computer program product according to claim 2, wherein the computer readable program code that obtains the pre-nonce contributions comprises:
    - computer readable program code that encrypts authenticated requests that request a pre-nonce contribution from each of the plurality of servers, where the authenticated requests include at least one of an identification of a source of the request, a time stamp and a random number;
      
      computer readable program code that sends the authenticated requests to the plurality of servers; and
      
      computer readable program code that receives the pre-nonce contributions from the plurality of servers.
  - 4. The computer program product according to claim 2, wherein the pre-nonce contributions include at least one of an identification of a server of the plurality of servers and a random number.
  - 5. The computer program product according to claim 2, wherein the computer readable program code that combines the pre-nonce contributions to provide a single pre-nonce token comprises computer readable program code that concatenates the pre-nonce contributions.
  - 6. The computer program product according to claim 2, wherein the computer readable program code that provides the common nonce based on the pre-nonce token comprises computer readable program code that reduces the pre-nonce token to provide the common nonce by hashing the pre-nonce token utilizing a one-way hash function so as to provide the common nonce.
  - 7. The computer program product according to claim 2, wherein the pre-nonce contributions are signed with a signature corresponding to a server from which the pre-nonce contribution was obtained, further comprising:
    - computer readable program code that incorporating the signatures in the pre-nonce token.
  - 8. The computer program product according to claim 7, further comprising computer readable program code that authenticates the signatures of the pre-nonce contributions and rejects pre-nonce contributions for which the digital signature is not authentic.
  - 9. The computer program product according to claim 2, further comprising:
    - computer readable program code that receives a transaction identification from a trusted server of the plurality of servers;
      
      computer readable program code that associates the transaction identification with the common nonce; and
      
      computer readable program code that tracks use of the common nonce based on the transaction identification.
  - 10. The computer program product according to claim 1, wherein the computer readable program code that obtains by a middle tier server, a common nonce comprises:
    - computer readable program code that obtains the common nonce from a party trusted by the middle-tier server and the plurality of servers, the common nonce being signed by the trusted party; and
      
      computer readable program code that verifies the signature of the common nonce is the signature of the trusted party.

11. A system for impersonating a client to a plurality of servers, comprising:
- a middle tier server in data communication with a plurality of back-end servers, said middle tier server having a processor, memory and program code resident in the memory, where the program code resident in the memory is executable by the processor to impersonate a client to a plurality of servers by executing code configured to;
  
  obtain by a middle tier server, a common nonce that is created based at least in part upon a pre-nonce contribution from each of a plurality of back-end servers, wherein the common nonce is generated from an entity other than the client that the middle tier server is to impersonate or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
  
  receive by the middle tier server, a request from the client for a transaction with at least one of the plurality of back-end servers;
  
  provide the common nonce from the middle tier server to the client;
  
  receive the common nonce signed by the client with the client'"'"'s digital signature at the middle-tier server; and
  
  impersonate the client by the middle tier server interacting with a selected one of the plurality of back-end servers for implementation of the client request on behalf of the client by providing the signed common nonce and the client request from the middle tier server to at least one of the plurality of back-end servers so as to authenticate the client to the plurality of servers for implementation of the client request on behalf of the client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system according to claim 11, wherein the program code resident in the memory to obtain by a middle tier server, a common nonce, comprises program code resident in the memory to:
    - obtain the pre-nonce contributions from the plurality of servers;
      
      combine the pre-nonce contributions to provide a single pre-nonce token; and
      
      provide the common nonce based on the pre-nonce token.
  - 13. The system according to claim 12, wherein the program code resident in the memory to obtain the pre-nonce contributions comprises program code resident in the memory to:
    - encrypt authenticated requests that request a pre-nonce contribution from each of the plurality of servers, where the authenticated requests include at least one of an identification of a source of the request, a time stamp and a random number;
      
      send the authenticated requests to the plurality of servers; and
      
      receive the pre-nonce contributions from the plurality of servers.
  - 14. The system according to claim 12, wherein the pre-nonce contributions include at least one of an identification of a server of the plurality of servers and a random number.
  - 15. The system according to claim 12, wherein the program code resident in the memory to combine the pre-nonce contributions to provide a single pre-nonce token comprises program code resident in the memory to concatenate the pre-nonce contributions.
  - 16. The system according to claim 12, wherein the program code resident in the memory to provide the common nonce based on the pre-nonce token comprises program code resident in the memory to reduce the pre-nonce token to provide the common nonce by hashing the pre-nonce token utilizing a one-way hash function so as to provide the common nonce.
  - 17. The system according to claim 12, wherein the pre-nonce contributions are signed with a signature corresponding to a server from which the pre-nonce contribution was obtained, further comprising:
    - program code resident in the memory to incorporate the signatures in the pre-nonce token.
  - 18. The system according to claim 17, further comprising program code resident in the memory to authenticate the signatures of the pre-nonce contributions and rejects pre-nonce contributions for which the digital signature is not authentic.
  - 19. The system according to claim 12, further comprising:
    - program code resident in the memory to receive a transaction identification from a trusted server of the plurality of servers;
      
      program code resident in the memory to associate the transaction identification with the common nonce; and
      
      program code resident in the memory to track use of the common nonce based on the transaction identification.
  - 20. The system according to claim 11, wherein the program code resident in the memory to obtain by a middle tier server, a common nonce, comprises program code resident in the memory to:
    - obtain the common nonce from a party trusted by the middle-tier server and the plurality of servers, the common nonce being signed by the trusted party; and
      
      verify the signature of the common nonce is the signature of the trusted party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
McGarvey, John R., Kuehr-McLaren, David
Primary Examiner(s)
Henning; Matthew T

Application Number

US12/186,420
Publication Number

US 20090055902A1
Time in Patent Office

609 Days
Field of Search

726/4, 726/8, 713/176, 713/155, 713/168
US Class Current

726/8
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Secure delegation using public key authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure delegation using public key authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links